CVE-2025-58089

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-44000

A reflected cross-site scripting xss vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-69268

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier...

Zippy-CRM 跨站脚本漏洞

Zippy-CRM is an accounting system with a web interface by Leon Personal Developer. A cross-site scripting vulnerability exists in Zippy-CRM version 6.5.4 that stems from unvalidated input parameters and could lead to a reflected cross-site scripting attack...

CVE-2025-68873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS.This issue affects PRIMER by chloédigital: from n/a through = 1.0.25...

CVE-2025-27002

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

CVE-2023-49185

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7...

CVE-2023-4979

Cross-site Scripting XSS - Reflected in GitHub repository librenms/librenms prior to 23.9.0...

CVE-2025-23754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ulrich Sossou The Loops the-loops allows Reflected XSS.This issue affects The Loops: from n/a through = 1.0.2...

CVE-2025-68887 WordPress WP-BusinessDirectory plugin <= 4.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS.This issue affects WP-BusinessDirectory: from n/a through = 4.0.1...

CVE-2025-67933 WordPress Taskbuilder plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS.This issue affects Taskbuilder: from n/a through = 4.0.9...

CVE-2025-46494

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1...

CVE-2025-69082 WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through = 6.0.3...

CVE-2025-13369 Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting

The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'moneyspentfrom', 'moneyspentto', 'registeredfrom', and 'registeredto' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output...

WordPress plugin Arlo 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

CVE-2025-23707

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Matamko En Masse en-masse-wp allows Reflected XSS.This issue affects En Masse: from n/a through = 1.0...

WordPress plugin ZhinaTwitterWidget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Sleekplan 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

EUVD-2024-55359

A reflected cross-site scripting XSS vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP...

CVE-2025-65790

A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...